Class ServerSideSecretStorageImpl

Implementation of Server-side secret storage.

Secret sharing is not implemented here: this class is strictly about the storage component of SSSS.

See

https://spec.matrix.org/v1.6/client-server-api/#storage

Hierarchy

ServerSideSecretStorageImpl

Implements

ServerSideSecretStorage

Index

Constructors

constructor

new ServerSideSecretStorageImpl(accountDataAdapter: AccountDataClient, callbacks: SecretStorageCallbacks): ServerSideSecretStorageImpl
Construct a new SecretStorage.

Normally, it is unnecessary to call this directly, since MatrixClient automatically constructs one. However, it may be useful to construct a new SecretStorage, if custom callbacks are required, for example.
Parameters
- accountDataAdapter: AccountDataClient
  
  interface for fetching and setting account data on the server. Normally an instance of MatrixClient.
- callbacks: SecretStorageCallbacks
  
  application level callbacks for retrieving secret keys
Returns ServerSideSecretStorageImpl
- Defined in src/secret-storage.ts:328

Properties

`Private` `Readonly` accountDataAdapter

accountDataAdapter: AccountDataClient

interface for fetching and setting account data on the server. Normally an instance of MatrixClient.

`Private` `Readonly` callbacks

callbacks: SecretStorageCallbacks

application level callbacks for retrieving secret keys

Methods

addKey

addKey(algorithm: string, opts?: AddSecretStorageKeyOpts, keyId?: string): Promise<SecretStorageKeyObject>
Add a key for encrypting secrets.

Returns
An object with: keyId: the ID of the key keyInfo: details about the key (iv, mac, passphrase)
Parameters
- algorithm: string
  
  the algorithm used by the key.
- opts: AddSecretStorageKeyOpts = {}
  
  the options for the algorithm. The properties used depend on the algorithm given.
- Optional keyId: string
  
  the ID of the key. If not given, a random ID will be generated.
Returns Promise<SecretStorageKeyObject>
Implementation of ServerSideSecretStorage.addKey
- Defined in src/secret-storage.ts:381

checkKey

checkKey(key: Uint8Array, info: SecretStorageKeyDescriptionAesV1): Promise<boolean>
Check whether a key matches what we expect based on the key info

Returns
whether or not the key matches
Parameters
- key: Uint8Array
  
  the key to check
- info: SecretStorageKeyDescriptionAesV1
  
  the key info
Returns Promise<boolean>
Implementation of ServerSideSecretStorage.checkKey
- Defined in src/secret-storage.ts:466

get

get(name: string): Promise<undefined | string>
Get a secret from storage, and decrypt it.

getSecretStorageKey will be called to obtain a secret storage key to decrypt the secret.

Returns
the decrypted contents of the secret, or "undefined" if name is not found in the user's account data.
Parameters
- name: string
  
  the name of the secret - i.e., the "event type" stored in the account data
Returns Promise<undefined | string>
Implementation of ServerSideSecretStorage.get
- Defined in src/secret-storage.ts:541

getDefaultKeyId

getDefaultKeyId(): Promise<null | string>
Get the current default key ID for encrypting secrets.

Returns
The default key ID or null if no default key ID is set

Returns Promise<null | string>
Implementation of ServerSideSecretStorage.getDefaultKeyId
- Defined in src/secret-storage.ts:338

getKey

getKey(keyId?: null | string): Promise<null | SecretStorageKeyTuple>
Get the key information for a given ID.

Returns
If the key was found, the return value is an array of the form [keyId, keyInfo]. Otherwise, null is returned. XXX: why is this an array when addKey returns an object?
Parameters
- Optional keyId: null | string
  
  The ID of the key to check for. Defaults to the default key ID if not provided.
Returns Promise<null | SecretStorageKeyTuple>
Implementation of ServerSideSecretStorage.getKey
- Defined in src/secret-storage.ts:433

`Private` getSecretStorageKey

getSecretStorageKey(keys: Record<string, SecretStorageKeyDescriptionAesV1>, name: string): Promise<[string, Decryptors]>
Parameters
- keys: Record<string, SecretStorageKeyDescriptionAesV1>
- name: string
Returns Promise<[string, Decryptors]>
- Defined in src/secret-storage.ts:615

hasKey

hasKey(keyId?: string): Promise<boolean>
Check whether we have a key with a given ID.

Returns
Whether we have the key.
Parameters
- Optional keyId: string
  
  The ID of the key to check for. Defaults to the default key ID if not provided.
Returns Promise<boolean>
Implementation of ServerSideSecretStorage.hasKey
- Defined in src/secret-storage.ts:454

isStored

isStored(name: string): Promise<null | Record<string, SecretStorageKeyDescriptionAesV1>>
Check if a secret is stored on the server.

Returns
map of key name to key info the secret is encrypted with, or null if it is not present or not encrypted with a trusted key
Parameters
- name: string
  
  the name of the secret
Returns Promise<null | Record<string, SecretStorageKeyDescriptionAesV1>>
Implementation of ServerSideSecretStorage.isStored
- Defined in src/secret-storage.ts:589

setDefaultKeyId

setDefaultKeyId(keyId: string): Promise<void>
Set the default key ID for encrypting secrets.
Parameters
- keyId: string
  
  The new default key ID
Returns Promise<void>
Implementation of ServerSideSecretStorage.setDefaultKeyId
- Defined in src/secret-storage.ts:351

store

store(name: string, secret: string, keys?: null | string[]): Promise<void>
Store an encrypted secret on the server.

Details of the encryption keys to be used must previously have been stored in account data (for example, via addKey. getSecretStorageKey will be called to obtain a secret storage key to decrypt the secret.
Parameters
- name: string
  
  The name of the secret - i.e., the "event type" to be stored in the account data
- secret: string
  
  The secret contents.
- Optional keys: null | string[]
  
  The IDs of the keys to use to encrypt the secret, or null/undefined to use the default key.
Returns Promise<void>
Implementation of ServerSideSecretStorage.store
- Defined in src/secret-storage.ts:491

Class ServerSideSecretStorageImpl

See

Hierarchy

Implements

Index

Constructors

Properties

Methods

Constructors

constructor

Parameters

accountDataAdapter: AccountDataClient

callbacks: SecretStorageCallbacks

Returns ServerSideSecretStorageImpl

Properties

Private Readonly accountDataAdapter

Private Readonly callbacks

Methods

addKey

Returns

Parameters

algorithm: string

opts: AddSecretStorageKeyOpts = {}

Optional keyId: string

Returns Promise<SecretStorageKeyObject>

checkKey

Returns

Parameters

key: Uint8Array

info: SecretStorageKeyDescriptionAesV1

Returns Promise<boolean>

get

Returns

Parameters

name: string

Returns Promise<undefined | string>

getDefaultKeyId

Returns

Returns Promise<null | string>

getKey

Returns

Parameters

Optional keyId: null | string

Returns Promise<null | SecretStorageKeyTuple>

Private getSecretStorageKey

Parameters

keys: Record<string, SecretStorageKeyDescriptionAesV1>

name: string

Returns Promise<[string, Decryptors]>

hasKey

Returns

Parameters

Optional keyId: string

Returns Promise<boolean>

isStored

Returns

Parameters

name: string

Returns Promise<null | Record<string, SecretStorageKeyDescriptionAesV1>>

setDefaultKeyId

Parameters

keyId: string

Returns Promise<void>

store

Parameters

name: string

secret: string

Optional keys: null | string[]

Returns Promise<void>

Settings

Member Visibility

Theme

`Private` `Readonly` accountDataAdapter

`Private` `Readonly` callbacks

`Optional` keyId: string

`Optional` keyId: null | string

`Private` getSecretStorageKey

`Optional` keyId: string

`Optional` keys: null | string[]